This option controls how long in seconds LILO waits for user
input before booting to the default selection. One of the
requirements of C2 security is that this interval be set to 0
unless the system dual boots something else.

Adding: restricted

This option asks for a password only, if parameters are
specified on the command line (e.g. linux single). The option
restricted can only be used together with the password option.
Make sure you use this one on each image.

Adding: password=<password>

This option asks the user for a password when trying to load the
Linux system in single mode. Passwords are always
case-sensitive, also make sure the /etc/lilo.conf file is no
longer world readable, or any user will be able to read the
password.

An example of protected lilo.conf file.

Edit the lilo.conf file vi /etc/lilo.conf
and add or change the above three options as show:

Because the configuration file /etc/lilo.conf now contains
unencrypted passwords, it should only be readable for the
super-user root.

[root@test] /# chmod 600 /etc/lilo.conf
will be no longer world readable.

Now we must update our configuration file /etc/lilo.conf for the
change to take effect.

[root@test] /# /sbin/lilo -v to
update the lilo.conf file.

One more security measure you can take to secure the lilo.conf
file is to set it immutable, using the chattr command. To set
the file immutable simply, use the command:

[root@test] /# chattr +i /etc/lilo.conf

And this will prevent any changes accidental or otherwise to the
lilo.conf file. If you wish to modify the lilo.conf file you
will need to unset the immutable flag: To unset the immutable
flag, use the command: